ISC2 Certified In Cybersecurity: Chapter 1 Questions And Answers With Complete Solutions 100% Correct | 2024

ISC2 Certified In Cybersecurity: Chapter 1 Questions And Answers With Complete Solutions 100% Correct | 2024 The National Institute of Standards and Technology defines _____ as the characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. NIST SP 800-66 Confidentiality A term pertaining to any data about an individual that could be used to identify them. Personally Identifiable Information (PII) A term referring to information regarding one's health status. Protected Health Information (PHI) What measures the degree to which something is whole and complete, internally consistent and correct? Integrity _____ _____ is the assurance that data has not been altered in an unauthorized manner. Data Integrity _____ _____ refers to the maintenance of a known good configuration and expected operational function as the system processes the information. System Integrity The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. NIST SP 800-27 Rev. A System Integrity The property that data has not been altered in an unauthorized manner. This covers data in storage, during processing and while in transit. NIST SP 800-27 Rev. A Data Integrity The condition an entity is at a point in time. State A documented, lowest level of security configuration allowed by a standard or organization. Baseline Integrity of data or system can always be ascertained by comparing the _____ with the current _____. Baseline and State If the two match, then the integrity of the data or the system is intact; if they two do not match, then the integrity of hte data or the system has been compromised. What is a measure of the importance assigned to information by its owner, or the purpose of denoting its need for protection? NIST SP 800-60 Vol 1 Rev 1 Sensitivity _____ information is information that if improperly disclosed (confidentiality) or modified (integrity) would harm an organization or individual. Sensitive What can be defined as timely and reliable access to information and the ability to use it by authorized users? Availability A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. NIST SP 800-60 Vol 1 Rev 1 Criticality To define security, it has become common to use the CIA Triad. Define the CIA Triad. Confidentiality Integrity Availability Access control process validating that the identity being claimed by a user or entity is known to the system by comparing one or more factors of identification. Authentication When users have stated their identity, it is necessary to validate that they are the rightful owners of that identity. This process of verifying or proving the user's identification is known as _____. Authentication What are the common methods of authentication? 1. Something you know (Knowledge-Based) 2. Something you have (Token-Based) 3. Something you are (Characteristics-Based) Something you know authentication methods. Passwords, Paraphrases, PIN (Personal Identification Number), Secret Code Something you have authentication methods. Tokens, Memory Cards, Smart Cards Something you are authentication methods. Biometrics, Measurable Characteristics A physical object a user possesses and controls that is used to authenticate the user's identity. NIST IR 7711 Tokens Biological characteristics of an individual, such as a fingerprint, hadn't geometry, voice, or iris patterns. Biometrics What are the types of authentication? 1. Single-Factor Authentication (SFA) 2. Multi-Factor Authentication (MFA) Use of just one of the three available factors to carry out the authentication process is known as? Single-Factor Authentication (SFA) Using two or more distinct instances of the three factors of authentication for identity verification is known as? Multi-Factor Authentication (MFA) The right or a permission that is granted to a system entity to access a system resource. Authorization The property that data has not been altered in an unauthorized manner. Integrity The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. Confidentiality The right of an individual to control the distribution of information about themselves. Privacy Ensuring timely and reliable access to and use of information by authorized users. Availability The inability to deny taking an action, such as sending an email message. Non-Repudiation Access control process that compares one or more factors of identification to validate that the identity claimed by a user or entity is known to the system. Authentication The inability to deny taking an action, such as creating information, approving information, or sending and receiving a message. Non-Repudiation In 2016, the European Union passed this comprehensive legislation that addresses personal privacy, deeming it a individual human right? General Data Protection Regulation (GDPR) GDPR applies to all organizations, foreign or domestic, doing business in the EU or any persons in the EU. In the United States personal health privacy is protected by HIPAA. What does HIPAA stand for? Health Insurance Portability and Accountability Act (1996) A gap or weakness in an organization's protection of its valuable assets, including information is a _____? Vulnerability Something or someone that aims to exploit a vulnerability to gain unauthorized access is a _____? Threat Anything of value that is owned by an organization. This includes both tangible items such as information systems and physical property, and intangible items such as intellectual property. Assets An _____ is something in need of protection. A _____ is a gap or weakness in those protection efforts. A _____ is something or someone that aims to exploit a vulnerability to thwart protection efforts. 1. Asset 2. Vulnerability 3. Threat Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. NIST SP 800-30 Rev 1 Vulnerability Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service. NIST SP 800-30 Rev 1 Threats